CN113839780A - Encryption method, decryption method, server and storage medium - Google Patents

Encryption method, decryption method, server and storage medium Download PDF

Info

Publication number
CN113839780A
CN113839780A CN202010586747.5A CN202010586747A CN113839780A CN 113839780 A CN113839780 A CN 113839780A CN 202010586747 A CN202010586747 A CN 202010586747A CN 113839780 A CN113839780 A CN 113839780A
Authority
CN
China
Prior art keywords
decryption
data
encryption
algorithm
plaintext data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010586747.5A
Other languages
Chinese (zh)
Inventor
吴道揆
李光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN202010586747.5A priority Critical patent/CN113839780A/en
Publication of CN113839780A publication Critical patent/CN113839780A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application discloses an encryption method, a decryption method, a server and a storage medium, and belongs to the field of communication. The encryption method comprises the following steps: encrypting the encryption key by using the selected encryption algorithm to obtain an encrypted fingerprint; encrypting plaintext data by using the encryption algorithm and the encryption key to obtain first ciphertext data; and mixing the encrypted fingerprint and the first ciphertext data to obtain second ciphertext data. The encryption key is encrypted by the encryption algorithm, so that the encryption key is difficult to break, the security of the encryption key is improved, first ciphertext data obtained by encrypting plaintext data by the encryption algorithm and the encryption key is difficult to break, the security of the data is improved, after the first ciphertext data is obtained, the encryption fingerprint and the first ciphertext data are mixed to obtain second ciphertext data, and the security of the data is improved.

Description

Encryption method, decryption method, server and storage medium
Technical Field
The present disclosure relates to the field of communications, and in particular, to an encryption method, a decryption method, a server, and a storage medium.
Background
At present, some service data with higher security requirement is generally called as sensitive configuration data, for example: specifically as a password or data for identity authentication. Because the sensitive configuration data has a requirement on security, the system firstly utilizes a local encryption key and an algorithm to encrypt the sensitive configuration data to form a ciphertext, and the ciphertext exists in the conditions of storage, response to inquiry, transmission and the like.
However, even if the sensitive configuration data is encrypted by using the encryption key and the algorithm to form the ciphertext, the security of the sensitive configuration data is low because the encryption key is easy to crack.
Disclosure of Invention
The embodiments of the present application mainly aim to provide an encryption method, a decryption method, a server and a storage medium, which aim to improve the security of an encryption key, thereby improving the security of data.
To achieve the above object, an embodiment of the present application provides an encryption method, including: encrypting the encryption key by using the selected encryption algorithm to obtain an encrypted fingerprint; encrypting plaintext data by using the encryption algorithm and the encryption key to obtain first ciphertext data; and mixing the encrypted fingerprint and the first ciphertext data to obtain second ciphertext data.
In order to achieve the above object, an embodiment of the present application further provides an encryption method, including: encrypting the encryption key by using the selected encryption algorithm to obtain an encrypted fingerprint; obfuscating the encrypted fingerprint and the first plaintext data to obtain second plaintext data; and encrypting the second plaintext data by using the encryption algorithm and the encryption key to obtain ciphertext data.
In order to achieve the above object, an embodiment of the present application further provides a decryption method, including: separating the encrypted fingerprint and the first ciphertext data from the obtained second ciphertext data; wherein the second ciphertext data is obtained by the encryption method; decrypting the first ciphertext data, comprising: selecting a decryption algorithm and a decryption key, and encrypting the decryption key by using the selected decryption algorithm to obtain a decryption fingerprint; if the decryption fingerprint is matched with the encryption fingerprint separated from the second ciphertext data, decrypting the first ciphertext data by using the decryption algorithm and the decryption key to obtain plaintext data; and if the decrypted fingerprint is not matched with the encrypted fingerprint, repeating the step of decrypting the first ciphertext data.
In order to achieve the above object, an embodiment of the present application further provides a decryption method, including: selecting a decryption algorithm and a decryption key, and decrypting the acquired ciphertext data by using the selected decryption algorithm and the selected decryption key; wherein, the ciphertext data is obtained by the encryption method; if the decryption is successful, second plaintext data is obtained; separating first plaintext data from the second plaintext data; and if the decryption fails, repeating the steps of the decryption method.
In order to achieve the above object, an embodiment of the present application further provides a server, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the encryption method, and/or the decryption method described above.
According to the method and the device, the selected encryption algorithm is used for encrypting the encryption key to obtain the encrypted fingerprint, so that the encryption key is difficult to break, namely, the security of the encryption key is improved, and the security of finally obtained ciphertext data is improved.
The method and the device avoid the problems of safety and compatibility brought by decryption, and the safety is that if the device is replaced, the encrypted data is not easy to obtain because the encryption key exists in an encrypted fingerprint form in the sending process, so that the safety problem of the encrypted data in the replacing process of the device is avoided; the compatibility is that if the equipment system is upgraded, an accurate decryption key and a decryption algorithm can be obtained based on the ciphertext data, so that decryption is realized, the key before the system is upgraded and the key after the system is upgraded do not need to be used for decryption at the same time, and the problem of compatibility is avoided. Therefore, if the equipment is replaced, the safety of the ciphertext data is improved, and if the system of the equipment is upgraded, the safety of the ciphertext data is improved, and the problem of compatibility is avoided.
Drawings
Fig. 1 is a flow chart of an encryption method in a first embodiment of the present application;
fig. 2 is a flow chart of a decryption method in a second embodiment of the present application;
FIG. 3 is a flow chart of an encryption method in a third embodiment of the present application;
fig. 4 is a flow chart of a decryption method in a fourth embodiment of the present application;
fig. 5 is a flowchart of a decryption method in a fifth embodiment of the present application;
fig. 6 is a schematic structural diagram of a server in a sixth embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that in various embodiments of the invention, numerous technical details are set forth in order to provide a better understanding of the present application. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not constitute any limitation to the specific implementation manner of the present invention, and the embodiments may be mutually incorporated and referred to without contradiction.
A first embodiment of the present application relates to an encryption method applied to a terminal, for example: computers, etc. The specific flow of the encryption method of the present embodiment is shown in fig. 1, and includes:
and 101, encrypting the encryption key by using the selected encryption algorithm to obtain the encrypted fingerprint.
Specifically, the terminal stores an encryption algorithm and an encryption key input by a user in advance, or stores the encryption algorithm and the encryption key generated by the encryption chip, and the encryption algorithm and the encryption key can be respectively selected from the stored encryption algorithm and the stored encryption key; or the user temporarily inputs the encryption algorithm and the encryption key of the terminal when the encryption is needed, or the encryption algorithm and the encryption key temporarily generated by the encryption chip, and at this time, the temporarily input or generated encryption algorithm and encryption key are selected. The encryption algorithm includes a hash algorithm, for example: MD5(Message-Digest Algorithm), and the like. And a root key is preset in the terminal for encrypting the encryption key, the root key is stored in a Trusted Platform Module (TPM) of the terminal, and after the encryption algorithm and the encryption key are selected, the terminal encrypts the encryption key by using the selected encryption algorithm and the root key to obtain the encrypted fingerprint.
And 102, encrypting the plaintext data by using an encryption algorithm and an encryption key to obtain first ciphertext data.
And 103, confusing the encrypted fingerprint and the first ciphertext data to obtain second ciphertext data.
Specifically, the terminal encrypts plaintext data by using an encryption algorithm and an encryption key to obtain first ciphertext data, and then confuses the encrypted fingerprint and the first ciphertext data to obtain second ciphertext data. Wherein the encrypted fingerprint and the first ciphertext data may exist in the form of a string. The obfuscation has a certain obfuscation rule, and the obfuscation rule is an offset of the encrypted fingerprint in the first ciphertext data or an offset of the first ciphertext data in the encrypted fingerprint. For example: the terminal splices the encrypted fingerprint and the first ciphertext data, splices the previous encrypted fingerprint and the subsequent first ciphertext data, namely the confusion rule at the moment is that the offset of the encrypted fingerprint in the first ciphertext data is 0, and splices to obtain second ciphertext data. For another example: and the terminal confuses the encrypted fingerprint and the first ciphertext data, inserts the first ciphertext data into the indicated encrypted fingerprint, and inserts the first ciphertext data between the 10 th character and the 11 th character of the indicated encrypted fingerprint if the obfuscation rule is that the offset of the first ciphertext data in the encrypted fingerprint is 10 characters to obtain second ciphertext data.
In one example, the terminal obfuscates the encrypted fingerprint and the first ciphertext data based on an obfuscation algorithm. The obfuscating algorithm has a corresponding obfuscating rule, and the encrypted fingerprint and the first ciphertext data are obfuscated according to the obfuscating rule in the obfuscating algorithm.
In one example, the second ciphertext data may include information indicating an obfuscation rule. Specifically, the second ciphertext data exists in the form of a character string, information indicating an obfuscation rule is located at the first few character positions of the second ciphertext data, and the obfuscation rule is an offset of the encrypted fingerprint in the first ciphertext data, or an offset of the first ciphertext data in the encrypted fingerprint. By carrying the information indicating the confusion rule in the second ciphertext data, the confusion rule can be known quickly during decryption, the first ciphertext data and the encrypted fingerprint can be decrypted quickly, and the decryption speed is improved.
In the embodiment, the encryption key is encrypted by using the encryption algorithm, so that the encryption key is difficult to break, the security of the encryption key is improved, first ciphertext data obtained by encrypting plaintext data by using the encryption algorithm and the encryption key is difficult to break, the security of the data is improved, after the first ciphertext data is obtained, the encryption fingerprint and the first ciphertext data are mixed to obtain second ciphertext data, and the security of the data is improved.
A second embodiment of the present application relates to a decryption method corresponding to the encryption method of the first embodiment, which is applied to a terminal, where the terminal of the second embodiment may be the same terminal as the terminal of the first embodiment, and a system in the terminal may change, and at this time, second ciphertext data is stored in the terminal; the terminal of the second embodiment may also be a terminal different from the terminal of the first embodiment, and at this time, the terminal of the second embodiment needs to receive the second ciphertext data sent by the terminal of the first embodiment; wherein the second ciphertext data is obtained by the encryption method of the first embodiment.
A specific flowchart of the decryption method of this embodiment is shown in fig. 2, and includes:
step 201, separating the encrypted fingerprint and the first ciphertext data from the obtained second ciphertext data.
In one example, separating the encrypted fingerprint and the first ciphertext data from the obtained second ciphertext includes: and identifying the information of the confusion rule from the acquired second ciphertext data, and separating the encrypted fingerprint and the first ciphertext data from the second ciphertext by using the information of the confusion rule.
Specifically, the information of the obfuscation rule in the second ciphertext data is located at the first few character positions of the second ciphertext data, and the obfuscation rule is an offset of the encrypted fingerprint in the first ciphertext data, or an offset of the first ciphertext data in the encrypted fingerprint. Therefore, the terminal can know how the encrypted fingerprint in the second ciphertext data is confused with the first ciphertext data according to the information of the confusion rule, so that the encrypted fingerprint and the first ciphertext data can be separated from the second ciphertext data more quickly, and the decryption speed is improved. After the first ciphertext data is obtained, the first ciphertext data needs to be decrypted.
In one example, the second ciphertext data is obtained by mixing the encrypted fingerprint and the first ciphertext data based on a mixing algorithm, and if the terminal is not changed, the terminal still stores contents such as the mixing algorithm adopted during encryption; if the terminal changes, the user can pre-store the confusion algorithm adopted during encryption into the terminal for receiving the second ciphertext data, and when the second ciphertext data needs to be separated, the terminal can inquire the confusion algorithm stored locally and perform reverse operation by using the confusion algorithm to separate the encrypted fingerprint and the first ciphertext data from the second ciphertext data. After the first ciphertext data is obtained, the first ciphertext data needs to be decrypted.
Step 202, selecting a decryption algorithm and a decryption key, and encrypting the decryption key by using the selected decryption algorithm to obtain a decrypted fingerprint.
Step 203, determining whether the decrypted fingerprint matches the encrypted fingerprint separated from the second ciphertext data, if yes, entering step 204, and if not, entering step 202 again.
And step 204, decrypting the first ciphertext data by using a decryption algorithm and a decryption key to obtain plaintext data.
Specifically, the terminal stores one or more decryption algorithms and one or more decryption keys in advance, or one or more decryption algorithms and one or more decryption keys temporarily input by the user, where the decryption algorithms and decryption keys include a decryption algorithm corresponding to the encryption algorithm in the encryption method of the first embodiment and a decryption key corresponding to the encryption key, so that the terminal needs to randomly select or select the decryption algorithm and the decryption key according to a certain priority rule, and then encrypt the decryption key by using the selected decryption algorithm and the root key to obtain a decrypted fingerprint; wherein the root key used to encrypt the decryption key is the same as the root key used to encrypt the encryption key in the encryption method.
If the decryption fingerprint is matched with the encryption fingerprint, the correct decryption algorithm and the decryption key are obtained, and the first ciphertext data is decrypted by using the obtained correct decryption algorithm and the obtained decryption key to obtain plaintext data. If the decrypted fingerprint and the encrypted fingerprint do not match, it indicates that the correct decryption algorithm or decryption key is not obtained, and step 202 is re-entered. When the decryption algorithm and the decryption key are selected again, repeated selection needs to be avoided, that is, the combination formed by the decryption algorithm and the decryption key can be selected only once, and is not selected repeatedly, for example: the decryption algorithm 1 and the decryption key 1 are selected once, and when the decryption algorithm 1 and the decryption key 1 are selected again, the decryption algorithm 1 and the decryption key 1 are not selected at the same time; but may choose decryption algorithm 1 and decryption key 2, or decryption algorithm 2 and decryption key 1, or decryption algorithm 2 and decryption key 3, etc.
In this embodiment, by using such a method, a security problem or a compatibility problem caused by decryption is avoided, where the security is that, if a device is replaced, the encrypted data is not easily obtained in the process of sending the encrypted data because the encryption key exists in the form of an encrypted fingerprint, and the security problem of the encrypted data in the process of replacing the device is avoided; the compatibility is that if the equipment system is upgraded, an accurate decryption key and a decryption algorithm can be obtained based on the ciphertext data, so that decryption is realized, and the problem of compatibility is avoided by simultaneously using a key before the system is upgraded and a key after the system is upgraded for decryption. Therefore, if the equipment is replaced, the safety of the ciphertext data is improved, and if the system of the equipment is upgraded, the safety of the ciphertext data is improved, and the problem of compatibility is avoided.
A third embodiment of the present application relates to an encryption method applied to a terminal, for example: computers, etc. The specific flow of the encryption method of this embodiment is shown in fig. 3, and includes:
step 301, encrypting the encryption key by using the selected encryption algorithm to obtain the encrypted fingerprint.
Step 301 is similar to step 101 in the first embodiment, and is not described herein again.
Step 302, confuse the encrypted fingerprint with the first plaintext data to obtain a second plaintext data.
And step 303, encrypting the second plaintext data by using the encryption algorithm and the encryption key to obtain ciphertext data.
Specifically, the terminal confuses the encrypted fingerprint and the first plaintext data to obtain second plaintext data; and then, encrypting the second plaintext data by using an encryption algorithm and an encryption key to obtain ciphertext data. Wherein the encrypted fingerprint and the first plaintext data are present in the form of a string. The obfuscation has a certain obfuscation rule, which is an offset of the encrypted fingerprint in the first plaintext data, or an offset of the first plaintext data in the encrypted fingerprint. For example: and the terminal splices the encrypted fingerprint and the first plaintext data, splices the previous encrypted fingerprint and the following first plaintext data, namely the confusion rule at the moment is that the offset of the encrypted fingerprint in the first plaintext data is 0, and splices to obtain second plaintext data. For another example: and the terminal confuses the encrypted fingerprint and the first plaintext data, inserts the first plaintext data into the encrypted fingerprint, and inserts the first plaintext data between the 10 th character and the 11 th character of the encrypted fingerprint to obtain second plaintext data if the obfuscation rule indicates that the offset of the first plaintext data in the encrypted fingerprint is 10 characters.
In one example, the terminal obfuscates the encrypted fingerprint and the first plaintext data based on an obfuscation algorithm to obtain second plaintext data. The confusion algorithm has a corresponding confusion rule, and the encrypted fingerprint and the first ciphertext data are confused according to the confusion rule in the confusion algorithm to obtain second plaintext data.
In one example, the second plaintext data includes information indicating an obfuscation rule. Specifically, the second plaintext data exists in the form of a character string, the information indicating the obfuscation rule is in the first few character positions indicating the second plaintext data, and the obfuscation rule is an offset of the encrypted fingerprint in the first plaintext data, or an offset of the first plaintext data in the encrypted fingerprint. By carrying the information indicating the confusion rule in the second plaintext data, the confusion rule can be known quickly during decryption, the first plaintext data and the encrypted fingerprint can be decrypted quickly, and the decryption speed is improved.
In the embodiment, the encryption key is encrypted by using the encryption algorithm, so that the encryption key is difficult to break, that is, the security of the encryption key is improved, and the ciphertext data is difficult to break, that is, the security of the data is improved.
The fourth embodiment of the present application relates to a decryption method corresponding to the encryption method of the third embodiment, which is applied to a terminal, where the terminal of the fourth embodiment may be the same terminal as the terminal of the third embodiment, and a system in the terminal may be changed, and at this time, ciphertext data is stored in the terminal; the terminal of the fourth embodiment may also be a terminal different from the terminal of the third embodiment, and at this time, the terminal of the fourth embodiment needs to receive the ciphertext data sent by the terminal of the third embodiment; the ciphertext data is obtained by the encryption method of the third embodiment, and the ciphertext data needs to be decrypted in this embodiment.
A specific flowchart of the decryption method of this embodiment is shown in fig. 4, and includes:
step 401, selecting a decryption algorithm and a decryption key, and decrypting the obtained ciphertext data by using the selected decryption algorithm and the selected decryption key.
Step 402, judging whether the decryption is successful, if the decryption is successful, entering step 403, and then entering step 404; if the decryption fails, step 401 is entered.
In step 403, second plaintext data is obtained.
Specifically, the terminal stores one or more decryption algorithms and one or more decryption keys in advance, or one or more decryption algorithms and one or more decryption keys temporarily input by the user, so that the terminal selects the decryption algorithms and the decryption keys randomly or according to a certain priority rule, and performs trial decryption on the obtained ciphertext data by using the selected decryption algorithms and decryption keys. If the decryption is successful, the second plaintext data is obtained, and if the decryption is unsuccessful, the second plaintext data cannot be obtained, then step 401 is re-entered. When the decryption algorithm and the decryption key are selected again, repeated selection needs to be avoided, that is, the combination formed by the decryption algorithm and the decryption key can be selected only once, and is not selected repeatedly, for example: the decryption algorithm 1 and the decryption key 1 are selected once, and when the decryption algorithm 1 and the decryption key 1 are selected again, the decryption algorithm 1 and the decryption key 1 are not selected at the same time; but may choose decryption algorithm 1 and decryption key 2, or decryption algorithm 2 and decryption key 1, or decryption algorithm 2 and decryption key 3, etc.
In step 404, the first plaintext data is separated from the second plaintext data.
In one example, separating the first plaintext data from the second plaintext data comprises: information of the obfuscation rule is identified from the second plaintext data, and the first plaintext data is separated from the second plaintext data using the information of the obfuscation rule.
Specifically, the information of the obfuscation rule in the second plaintext data is at the first few character positions of the second plaintext data, and the obfuscation rule is an offset of the encrypted fingerprint in the first plaintext data, or an offset of the first plaintext data in the encrypted fingerprint. Therefore, the terminal can know how the encrypted fingerprint in the second plaintext data is confused with the first plaintext data according to the information, so that the first plaintext data can be separated from the second plaintext data more quickly, and the decryption speed is improved.
In one example, the second plaintext data is obtained by mixing the encrypted fingerprint and the first plaintext data based on a mixing algorithm, and if the terminal is not changed, the terminal still stores contents such as the mixing algorithm adopted during encryption; if the terminal changes, the user can pre-store the confusion algorithm adopted during encryption into the terminal for receiving the ciphertext data, and when the second plaintext data needs to be separated, the terminal inquires the confusion algorithm stored locally and performs reverse operation by using the confusion algorithm to separate the first plaintext data from the second plaintext data.
In this embodiment, by using such a method, a security problem or a compatibility problem caused by decryption is avoided, where the security is that, if a device is replaced, the encrypted data is not easily obtained in the process of sending the encrypted data because the encryption key exists in the form of an encrypted fingerprint, and the security problem of the encrypted data in the process of replacing the device is avoided; the compatibility is that if the equipment system is upgraded, an accurate decryption key and a decryption algorithm can be obtained based on the ciphertext data, so that decryption is realized, and the problem of compatibility is avoided by simultaneously using a key before the system is upgraded and a key after the system is upgraded for decryption. Therefore, if the equipment is replaced, the safety of the ciphertext data is improved, and if the system of the equipment is upgraded, the safety of the ciphertext data is improved, and the problem of compatibility is avoided.
A fifth embodiment of the present application relates to a decryption method corresponding to the encryption method of the third embodiment, which is applied to a terminal, and is substantially the same as the fourth embodiment, with the main difference that: it is further determined whether the first plaintext data is correct.
Fig. 5 shows a specific flowchart of the decryption method in this embodiment, which includes:
step 501, selecting a decryption algorithm and a decryption key, and decrypting the acquired ciphertext data by using the selected decryption algorithm and the selected decryption key.
Step 502, judging whether the decryption is successful, if the decryption is successful, entering step 503, and then entering step 504; if the decryption fails, step 501 is entered.
In step 503, second plaintext data is obtained.
Steps 501-503 are similar to steps 401-403 in the fourth embodiment, and are not described herein again.
Step 504 separates the encrypted fingerprint and the first plaintext data from the second plaintext data.
In one example, separating the encrypted fingerprint and the first plaintext data from the second plaintext data comprises: information of the obfuscation rule is identified from the second plaintext data, and the encrypted fingerprint and the first plaintext data are separated from the second plaintext data using the information of the obfuscation rule.
Specifically, the information of the obfuscation rule in the second plaintext data is at the first few character positions of the second plaintext data, and the obfuscation rule is an offset of the encrypted fingerprint in the first plaintext data, or an offset of the first plaintext data in the encrypted fingerprint. Therefore, the terminal can know how the encrypted fingerprint in the second plaintext data is confused with the first plaintext data according to the information, so that the encrypted fingerprint and the first plaintext data can be separated from the second plaintext data more quickly, and the decryption speed is improved.
In one example, the second plaintext data is obtained by mixing the encrypted fingerprint and the first plaintext data based on a mixing algorithm, and if the terminal is not changed, the terminal still stores contents such as the mixing algorithm adopted during encryption; if the terminal changes, the user can pre-store the confusion algorithm adopted during encryption into the terminal for receiving the ciphertext data, and when the second plaintext data needs to be separated, the terminal inquires the confusion algorithm stored locally and performs reverse operation by using the confusion algorithm to separate the encrypted fingerprint and the first plaintext data from the second plaintext data.
And 505, encrypting the decryption key by using a decryption algorithm to obtain a decrypted fingerprint.
Step 506, determining whether the decrypted fingerprint matches the encrypted fingerprint separated from the second plaintext data, if yes, entering step 507, and if not, entering step 501 again.
In step 507, the first plaintext data is determined to be correct.
Specifically, in some cases, even if the ciphertext data is successfully decrypted using the selected decryption algorithm and decryption key, there is a possibility that the decryption algorithm is not the decryption algorithm corresponding to the encryption algorithm in the encryption method of the third embodiment and/or the decryption key is not the decryption key corresponding to the encryption key in the encryption method of the third embodiment, which results in the second plaintext data not being required by the terminal, i.e., the obtained second plaintext data is determined to be incorrect, and thus the obtained first plaintext data is determined to be incorrect.
The terminal stores the root key used for encrypting the encryption key in the encryption method in advance, so that the terminal can encrypt the decryption key by using the decryption algorithm and the root key to obtain the decryption fingerprint, if the decryption fingerprint is matched with the encryption fingerprint, the correct decryption algorithm and decryption key are obtained, the second plaintext data obtained by decrypting the ciphertext data by using the decryption algorithm and the decryption key is determined to be correct, and the first plaintext data separated from the second plaintext data is determined to be correct. If the decrypted fingerprint and the encrypted fingerprint are not matched, it is determined that the obtained decryption algorithm and the obtained decryption key are not correct, and further, it is determined that the second plaintext data obtained by decrypting the ciphertext data by using the decryption algorithm and the decryption key is incorrect, and further, it is determined that the first plaintext data separated from the second plaintext data is incorrect, and the process reenters step 501. When the decryption algorithm and the decryption key are selected again, repeated selection needs to be avoided, that is, the combination formed by the decryption algorithm and the decryption key can be selected only once and is not selected repeatedly.
In this embodiment, whether the obtained first plaintext data is correct may be determined by verifying whether the decrypted fingerprint and the encrypted fingerprint are matched.
The steps of the above methods are divided for clarity, and the implementation may be combined into one step or split some steps, and the steps are divided into multiple steps, so long as the same logical relationship is included, which are all within the protection scope of the present patent; it is within the scope of the patent to add insignificant modifications to the algorithms or processes or to introduce insignificant design changes to the core design without changing the algorithms or processes.
A sixth embodiment of the present application relates to a server, as shown in fig. 6, including: includes at least one processor 602; and, a memory 601 communicatively coupled to the at least one processor; the memory 601 stores instructions executable by the at least one processor 602, and the instructions are executed by the at least one processor 602 to enable the at least one processor 602 to execute the encryption method of the first embodiment, and/or the decryption method of the second embodiment, and/or the encryption method of the third embodiment, and/or the decryption method of the fourth embodiment, and/or the decryption method of the fifth embodiment.
Where the memory 601 and the processor 602 are coupled by a bus, the bus may comprise any number of interconnected buses and bridges that couple one or more of the various circuits of the processor 602 and the memory 601 together. The bus may also connect various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. Data processed by processor 602 is transmitted over a wireless medium through an antenna, which receives the data and transmits the data to processor 602.
The processor 602 is responsible for managing the bus and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And memory 601 may be used to store data used by processor 602 in performing operations.
A seventh embodiment of the present application relates to a computer-readable storage medium storing a computer program. The computer program, when executed by the processor, implements the encryption method of the first embodiment, and/or the decryption method of the second embodiment, and/or the encryption method of the third embodiment, and/or the decryption method of the fourth embodiment, and/or the decryption method of the fifth embodiment.
That is, as can be understood by those skilled in the art, all or part of the steps in the method for implementing the embodiments described above may be implemented by a program instructing related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the present application, and that various changes in form and details may be made therein without departing from the spirit and scope of the present application in practice.

Claims (11)

1. An encryption method, comprising:
encrypting the encryption key by using the selected encryption algorithm to obtain an encrypted fingerprint;
encrypting plaintext data by using the encryption algorithm and the encryption key to obtain first ciphertext data;
and mixing the encrypted fingerprint and the first ciphertext data to obtain second ciphertext data.
2. The encryption method according to claim 1, wherein information indicating an obfuscation rule is contained in the second ciphertext data.
3. An encryption method, comprising:
encrypting the encryption key by using the selected encryption algorithm to obtain an encrypted fingerprint;
obfuscating the encrypted fingerprint and the first plaintext data to obtain second plaintext data;
and encrypting the second plaintext data by using the encryption algorithm and the encryption key to obtain ciphertext data.
4. The encryption method according to claim 3, wherein the second plaintext data contains information indicating an obfuscation rule.
5. A decryption method, comprising:
separating the encrypted fingerprint and the first ciphertext data from the obtained second ciphertext data; wherein the second ciphertext data is obtained by the encryption method of claim 1;
decrypting the first ciphertext data, comprising:
selecting a decryption algorithm and a decryption key, and encrypting the decryption key by using the selected decryption algorithm to obtain a decryption fingerprint;
if the decryption fingerprint is matched with the encryption fingerprint separated from the second ciphertext data, decrypting the first ciphertext data by using the decryption algorithm and the decryption key to obtain plaintext data;
and if the decrypted fingerprint is not matched with the encrypted fingerprint, repeating the step of decrypting the first ciphertext data.
6. The decryption method according to claim 5, wherein the separating the encrypted fingerprint and the first ciphertext data from the obtained second ciphertext comprises:
and identifying information of an obfuscation rule from the acquired second ciphertext data, and separating the encrypted fingerprint and the first ciphertext data from the second ciphertext by using the information of the obfuscation rule.
7. A method of decryption, characterized in that,
selecting a decryption algorithm and a decryption key, and decrypting the acquired ciphertext data by using the selected decryption algorithm and the selected decryption key; wherein the ciphertext data is obtained by the encryption method of claim 4;
if the decryption is successful, second plaintext data is obtained;
separating first plaintext data from the second plaintext data;
and if the decryption fails, repeating the steps of the decryption method.
8. The decryption method according to claim 7, wherein said separating the first plaintext data from the second plaintext data comprises:
and identifying information of an obfuscation rule from the second plaintext data, and separating the first plaintext data from the second plaintext data by using the information of the obfuscation rule.
9. The decryption method according to claim 7, wherein said separating the first plaintext data from the second plaintext data comprises:
separating the encrypted fingerprint and the first plaintext data from the second plaintext data;
after the separating the encrypted fingerprint and the first plaintext data from the second plaintext, further comprising:
encrypting the decryption key by using the decryption algorithm to obtain a decrypted fingerprint;
if the decrypted fingerprint matches the encrypted fingerprint separated from the second plaintext data, determining that the first plaintext data is correct;
if the decrypted fingerprint and the encrypted fingerprint do not match, repeating the steps of the decryption method.
10. A server, comprising:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform an encryption method as claimed in any one of claims 1 to 2, and/or an encryption method as claimed in any one of claims 3 to 4, and/or a decryption method as claimed in any one of claims 5 to 6, and/or a decryption method as claimed in any one of claims 7 to 9.
11. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, implements an encryption method according to any one of claims 1 to 2, and/or an encryption method according to any one of claims 3 to 4, and/or a decryption method according to any one of claims 5 to 6, and/or a decryption method according to any one of claims 7 to 9.
CN202010586747.5A 2020-06-24 2020-06-24 Encryption method, decryption method, server and storage medium Pending CN113839780A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010586747.5A CN113839780A (en) 2020-06-24 2020-06-24 Encryption method, decryption method, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010586747.5A CN113839780A (en) 2020-06-24 2020-06-24 Encryption method, decryption method, server and storage medium

Publications (1)

Publication Number Publication Date
CN113839780A true CN113839780A (en) 2021-12-24

Family

ID=78964420

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010586747.5A Pending CN113839780A (en) 2020-06-24 2020-06-24 Encryption method, decryption method, server and storage medium

Country Status (1)

Country Link
CN (1) CN113839780A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553491A (en) * 2022-01-24 2022-05-27 大唐互联科技(武汉)有限公司 Data grading encryption method, system and storage medium
CN114884716A (en) * 2022-04-28 2022-08-09 世融能量科技有限公司 Encryption and decryption method, device and medium
CN115208632A (en) * 2022-06-16 2022-10-18 国网浙江省电力有限公司营销服务中心 Front-end and back-end data encryption transmission method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553491A (en) * 2022-01-24 2022-05-27 大唐互联科技(武汉)有限公司 Data grading encryption method, system and storage medium
CN114884716A (en) * 2022-04-28 2022-08-09 世融能量科技有限公司 Encryption and decryption method, device and medium
CN114884716B (en) * 2022-04-28 2024-02-27 世融能量科技有限公司 Encryption and decryption method, device and medium
CN115208632A (en) * 2022-06-16 2022-10-18 国网浙江省电力有限公司营销服务中心 Front-end and back-end data encryption transmission method and system
CN115208632B (en) * 2022-06-16 2023-11-07 国网浙江省电力有限公司营销服务中心 Front-end and back-end data encryption transmission method and system

Similar Documents

Publication Publication Date Title
CN110138744B (en) Method, device and system for replacing communication number, computer equipment and storage medium
US11361087B2 (en) Security data processing device
CN113839780A (en) Encryption method, decryption method, server and storage medium
US11329835B2 (en) Apparatus and method for authenticating IoT device based on PUF using white-box cryptography
CN101258505A (en) Secure software updates
US20170099144A1 (en) Embedded encryption platform comprising an algorithmically flexible multiple parameter encryption system
US11128455B2 (en) Data encryption method and system using device authentication key
US20220366030A1 (en) Password Management Method and Related Apparatus
CN108270739A (en) A kind of method and device of managing encrypted information
US11405202B2 (en) Key processing method and apparatus
CN115065472B (en) Security chip encryption and decryption method and device based on multi-key encryption and decryption
CN112883388B (en) File encryption method and device, storage medium and electronic device
CN104868998A (en) System, Device, And Method Of Provisioning Cryptographic Data To Electronic Devices
CN115129332A (en) Firmware burning method, computer equipment and readable storage medium
CN111132148B (en) Method and device for intelligent household appliance configuration network access and storage medium
CN115442032A (en) Data processing method, system on chip and readable storage medium
US20180013551A1 (en) Apparatus for obfuscating and restoring program execution code and method thereof
EP2689367B1 (en) Data protection using distributed security key
US20050223218A1 (en) Storing of data in a device
CN114969768A (en) Data processing method and device and storage medium
CN109918877A (en) A kind of data ciphering method, system, client and computer readable storage medium
CN109977692B (en) Data processing method and device, storage medium and electronic equipment
CN105430022A (en) Data input control method and terminal equipment
CN117499023B (en) Hardware security method, device and storage medium based on AES algorithm
CN111246480A (en) Application communication method, system, equipment and storage medium based on SIM card

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination